Chronosphere Onboarding Guide

Overview

is a flexible telemetry pipeline that can stream logs from a variety of sources to an in Panther.

While this guide only explains how to configure Chronosphere Telemetry Pipeline with a Panther HTTP Source, it is also possible to stream logs to an in Panther. If you would like to stream logs to an S3 Source, use the in Chronosphere Telemetry Pipeline.

How to route logs to Panther using Chronosphere Telemetry Pipeline

Prerequisite

• Ensure you have followed the , which includes creating a . Chronosphere Telemetry Pipeline can run on Linux and Kubernetes environments.

Step 1 (Optional): Decide where to filter and/or transform logs

If your raw logs need to be filtered out or transformed in some way, those actions can happen in Chronosphere or Panther.

Step 2: Create an HTTP source in Panther

1. Follow .

   • For the authentication method, select .

   • If you created a schema in Panther in Step 1, attach it to the source. If you haven't created a schema yet, you can .

2. If you'd like to use , follow one of the instructions sets below:

Step 3: Configure Chronosphere Telemetry Pipeline to forward to the HTTP endpoint

1. In the Chronosphere Telemetry Pipeline web interface, navigate to your Core Instance.

3. 1. In the Add or Edit Source slide-out panel, select a source tile.

   2. Configure the source as desired, then click Save.

4. 2. Under General, set the following fields:

      1. Host: Enter the HTTP Source URL you generated in Panther in Step 2.

      2. Port: Enter 443.

      3. URI: Enter the end of the HTTP Source URL you generated in Panther in Step 2, starting with /http/.
   3. Under Advanced, add a Key/Value pair under Headers.

      • Key: Enter the Shared Secret key you entered in Panther in Step 2.
   5. Click Save.

7. Configure your log sources to route to the endpoint or port defined by the pipeline’s source(s).